Open
Description
Describe the bug
When installing into nginx bundled on CloudPanel 2.5.0 installation, it fails nginx config check
To Reproduce
Install CloudPanel 2.5.0
Install Ultimate Bad Bot Blocker running sudo ./setup-ngxblocker -v /etc/nginx/sites-enabled -x
(running script without -v returns no vhost files in: [ /etc/nginx/sites-available/*.vhost ] => exiting.)
Expected behavior
Validate `sudo nginx -t' successfully
Error
nginx: [warn] duplicate network "138.199.57.151", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:18972
nginx: [warn] duplicate network "143.244.38.129", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:18988
nginx: [warn] duplicate network "195.181.163.194", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:19083
nginx: [warn] duplicate network "5.188.120.15", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:19210
nginx: [warn] duplicate network "89.187.173.66", value: "0", old value: "1" in /etc/nginx/conf.d/globalblacklist.conf:19257
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/sites-enabled/custom-domain.conf:4
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/sites-enabled/custom-domain.conf:5
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: [emerg] zero size shared memory zone "flood"
nginx: configuration file /etc/nginx/nginx.conf test failed
Note: a clean CloudPanel installation returns this:
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/sites-enabled/custom-domain.conf:4
nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/sites-enabled/custom-domain.conf:5
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Server (please complete the following information):
-
Operating System:
-
Ubuntu 24.04
-
Specify Exact Version of OS:
Linux ip-x-x-x-x 6.8.0-1021-aws #23-Ubuntu SMP Mon Dec 9 23:51:16 UTC 2024 aarch64 aarch64 aarch64 GNU/Linux
- Nginx Version [post output of sudo nginx -v]
nginx version: nginx/1.26.2
built with OpenSSL 3.0.13 30 Jan 2024
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -ffile-prefix-map=/home/clp/packaging/nginx/tmp/nginx-1.26.2=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -mbranch-protection=standard -fdebug-prefix-map=/home/clp/packaging/nginx/tmp/nginx-1.26.2=/usr/src/nginx-1.26.2-3+clp-noble -fPIC -Wdate-time -D_FORTIFY_SOURCE=3' --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_v3_module --with-openssl-opt=enable-ktls --with-compat --with-http_dav_module --with-http_slice_module --with-threads --add-dynamic-module=/home/clp/packaging/nginx/tmp/nginx-1.26.2/debian/modules/ngx-brotli --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/home/clp/packaging/nginx/tmp/nginx-1.26.2/debian/modules/http-auth-pam --add-dynamic-module=/home/clp/packaging/nginx/tmp/nginx-1.26.2/debian/modules/http-dav-ext --add-dynamic-module=/home/clp/packaging/nginx/tmp/nginx-1.26.2/debian/modules/http-upstream-fair --add-dynamic-module=/home/clp/packaging/nginx/tmp/nginx-1.26.2/debian/modules/http-subs-filter
nginx.conf file:
user root;
worker_processes auto;
pid /run/nginx.pid;
worker_rlimit_nofile 8192;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 2000;
# multi_accept on;
}
http {
##
# Basic Settings
##
geoip_country /etc/nginx/geoip/GeoIP.dat; # the country IP database
geoip_city /etc/nginx/geoip/GeoLiteCity.dat; # the city IP database
real_ip_recursive on;
set_real_ip_from 127.0.0.1;
set_real_ip_from 10.0.0.0/8;
set_real_ip_from 172.16.0.0/12;
set_real_ip_from 192.168.0.0/16;
set_real_ip_from 0.0.0.0/0;
#real_ip_header X-Forwarded-For;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format cloudflare '$http_cf_connecting_ip - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
tcp_nopush on;
##
# Nginx Bad Bot Blocker Includes
# REPO: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
##
include /etc/nginx/conf.d/botblocker-nginx-settings.conf;
include /etc/nginx/conf.d/globalblacklist.conf;
tcp_nodelay on;
client_body_buffer_size 1K;
client_header_buffer_size 1k;
client_max_body_size 64M;
keepalive_timeout 65;
types_hash_max_size 2048;
server_names_hash_bucket_size 128;
server_tokens off;
port_in_redirect off;
access_log off;
disable_symlinks if_not_owner from=/home/;
map $scheme $fastcgi_https { ## Detect when HTTPS is used
default off;
https on;
}
include /etc/nginx/blocked_ips;
pagespeed off;
pagespeed XHeaderValue 1;
##
# SSL Settings
##
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_prefer_server_ciphers on;
ssl_conf_command Options KTLS;
ssl_stapling on;
ssl_stapling_verify on;
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Limit the requests for php
##
limit_req_zone $binary_remote_addr zone=limit:10m rate=1r/s;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 8;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/png image/gif image/jpeg application/javascript image/svg+xml;
##
# Brotli Settings
##
brotli on;
brotli_comp_level 8;
brotli_static on;
brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/png image/gif image/jpeg application/javascript image/svg+xml;
##
# Virtual Host Configs
##
include /etc/nginx/sites-enabled/*.conf;
}
- Other Environments [include Version information]
- Other
- Specify Other / Specific Version Information Here:
CloudPanel 2.5.0